The Agent Skills Directory

[PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from the Solana blockchain, creating an attack surface for indirect prompt injection.
Ingestion points: External NFT metadata is fetched via umi.rpc.getAsset and fetchAsset methods found in templates/metaplex-client.ts and examples/core/create-nft.ts.
Boundary markers: Absent. The instructions do not define clear boundaries or provide warnings to the agent regarding instructions that might be embedded in fetched blockchain metadata.
Capability inventory: The skill has the capability to sign and send transactions to the Solana network using local private keys, as seen in the sendAndConfirm calls across multiple files.
Sanitization: Absent. Data fetched from the blockchain is processed and returned to the agent's context without sanitization.
[EXTERNAL_DOWNLOADS]: The skill interacts with various external services for blockchain connectivity and decentralized storage.
It utilizes the Irys network (formerly Bundlr) for uploading asset metadata to Arweave, referencing endpoints like devnet.irys.xyz and node1.irys.xyz.
It communicates with standard Solana RPC endpoints such as api.mainnet-beta.solana.com and api.devnet.solana.com.
Automated scanners flagged node1.irys.xyz as a phishing risk and docs/troubleshooting.md as suspicious. Within the context of Metaplex development, irys.xyz is the official domain for the storage provider, and the detection in the documentation is likely a heuristic false positive due to the density of network-related code and URLs.
[DATA_EXFILTRATION]: The skill handles sensitive cryptographic material required for blockchain transactions.
Code templates and examples, such as templates/metaplex-client.ts, use createSignerFromKeypair which requires the user to provide their Solana secretKey. While this is standard for blockchain clients, it represents a data sensitivity point if the agent's context is compromised.

metaplex